Hello Splunkers,
I am having an issue with LDAP authentication.
The issue is: I have one domain, abc.int.com. Under that domain I have one OU called Splunk, and in that OU I have many "usersid".
"usersid" refers to the name of a person who needs access to Splunk through LDAP.
So I am using these strings:
For user base DN:
ou=Splunk,dc=abc,dc=int,dc=com
and for group base DN:
dc=abc,dc=int,dc=com
But it's not picking up users. It's only picking up users under groups, not under any OU.
Please help me!
I can't give you a specific answer for this. However I can tell you how I got mine working.
Using ADExplorer or some other LDAP browser I nailed down the OU structure. I copy-pasted to ensure that I got the characters exactly. You can usually go into the properties of the object and copy it there.
This assumes users are in the following OUs.
OU=Users,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com
OU=Expire,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com
OU=WA-SEA,OU=America,OU=Sites,DC=domain,DC=com
And the group mappings will only show any group that begins with "Splunk".
Here is my working copy of my ..\etc\local\authentication.conf file, which of course is populated from the GUI.
[LDAP Authentication to AD]
SSLEnabled = 1
anonymous_referrals = 1
bindDN = CN=splunkadsearch\, svc,CN=Users,DC=domain,DC=com
bindDNpassword = XXXXXXXX
charset = utf8
emailAttribute = mail
groupBaseDN = OU=Security,OU=Groups,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com
groupBaseFilter = (CN=Splunk*)
groupMappingAttribute = dn
groupMemberAttribute = member
groupNameAttribute = cn
host = PDOM05.domain.com
nestedGroups = 0
network_timeout = 20
port = 636
realNameAttribute = displayname
sizelimit = 1000
timelimit = 15
userBaseDN = OU=Users,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com;OU=Expire,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com;OU=WA-SEA,OU=America,OU=Sites,DC=domain,DC=com
userNameAttribute = samaccountname
Hope this helps.
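An added example (not part of the original answer, and not Splunk's own code) for checking offline whether a user's DN, as copied from an LDAP browser, falls under any of the semicolon-separated userBaseDN entries in the configuration above. It assumes subtree scope and case-insensitive DN comparison; the sample user DNs are constructed.

```python
# Added example: check which configured base DN (if any) contains an entry.
USER_BASE_DN = (  # userBaseDN value from the authentication.conf above
    "OU=Users,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com;"
    "OU=Expire,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com;"
    "OU=WA-SEA,OU=America,OU=Sites,DC=domain,DC=com")
BIND_DN = r"CN=splunkadsearch\, svc,CN=Users,DC=domain,DC=com"  # from the post

def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped characters (e.g. '\\,') intact."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return the DN as a tuple of lowercased (attr, value) RDNs, leaf first."""
    rdns = []
    for part in split_unescaped(dn.strip(), ","):
        attr, eq, value = part.partition("=")
        if not eq or not attr.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def covering_base(entry_dn, setting):
    """Return the first ';'-separated base DN that contains entry_dn, or None."""
    entry = parse_dn(entry_dn)
    for base in (b.strip() for b in split_unescaped(setting, ";") if b.strip()):
        rdns = parse_dn(base)
        if len(rdns) <= len(entry) and entry[-len(rdns):] == rdns:
            return base
    return None

if __name__ == "__main__":
    samples = [  # constructed user DNs, not from the original post
        "CN=Jane Doe,OU=Users,OU=Accounts,OU=GA-ATL,OU=America,OU=Sites,DC=domain,DC=com",
        "cn=bob, ou=wa-sea, ou=america, ou=sites, dc=domain, dc=com",
        BIND_DN]
    for dn in samples:
        print(f"{dn!r} -> {covering_base(dn, USER_BASE_DN)}")
```

A result of None means the entry sits outside every configured base, as the bind account in CN=Users does here.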
Hi kannu,
Check this answer: https://answers.splunk.com/answers/50175/ldap-authentication-troubleshooting-information.html
Also increase the logging for the AuthenticationManagerLDAP and the ScopedLDAPConnection channels in Settings » Server settings » Server logging, and check index=_internal for LDAP-related messages.
Hope that helps ...
cheers, MuS
@MuS,
No, the link you provided is about a different issue. In my case I am able to connect to LDAP.
The issue is that the LDAP settings are picking up users that are listed under some group, but they are not picking up users that are listed directly under an OU.
Not exactly; the linked answer tells you to test the LDAP connection and connection information with another tool and visually check the results for verification purposes.
Anyway, have a look at @JDukeSplunk's answer on how to set up multiple OUs for userBaseDN.
cheers, MuS
For the group base DN, you need to specify the ou attribute.
Your LDAP configuration should resemble this:
groupBaseDN = ou=Groups,dc=splunksupport,dc=com;
*This is the Base of your Groups in LDAP. You can also specify multiple bases. For example: ou=Management,ou=Groups,dc=Splunkers,dc=com;ou=Consultants,ou=Groups,dc=Splunkers,dc=com;
For more info:
https://www.splunk.com/blog/2009/08/13/ldap-auth-configuration-tips.html
Hope it helps
@ssadanala1,
Bro, I do not have groups under any OU. After the OU there are users directly; there is no group in between the users and the OU.